Skip to Content
UDS Simulator 2.0 Released
Docs0x3D Write Memory By Address

Service Interaction Protocol

Write Memory

0x3D
Protocol Identifier
Allows the tester to write specific data bytes to absolute memory addresses (RAM, EEPROM, Flash).
A Service Identifier (SID) is a single-byte value (0x00–0xFF) in position 0 of every UDS request frame. It specifies which diagnostic operation the client wishes the ECU to execute. The positive response echoes the SID with the high bit set (SID + 0x40).

ACCESS_TYPE

ABSOLUTE
Targets specific physical memory offsets rather than Logical Identifiers (DIDs).

PRIVILEGE

RESTRICED
Security Level Match and Session State (Extended/Programming) are strictly enforced.

ALFID_LOGIC

VARIABLE
Supports various addressing widths (2-byte, 3-byte, 4-byte) via format byte.

Overview

ISO 14229-1

“The client uses this service to write information into the server at one or more contiguous memory addresses.”

warning _entry

Critical Security Risk This service provides low-level access to the ECU’s memory. Improper use can overwrite firmware, corrupt calibration data, or brick the ECU. It is almost always protected by Security Access (0x27).

info _entry
Common Uses
  • Writing Calibration parameters (RAM).
  • Programming Configuration data (VIN, Options).
  • Applying temporary Software Patches.

Default Behavior

By default, absolute memory write access is disabled. Service 0x3D is typically only available in Extended (0x03) or Programming (0x02) sessions after a successful Security Access (0x27) unlock. Changes to volatile memory (RAM) are lost after an ECU reset, while writes to non-volatile regions (NVM/Flash) persist.

Protocol Anatomy (32-bit Write)

◆ PROTOCOL ANATOMY

View
REQUEST_TX

0x3D WRITE MEMORY

RESPONSE_RX

0x3D RESPONSE

Message Format

The request uses an ALFID (Address and Length Format Identifier) byte to define the size of the address and data length parameters.

Byte
Name
Description
0SID0x3D
1ALFIDFormat byte (e.g., 0x44 for 32-bit addr/size)
2...AddressStarting memory address
N...SizeNumber of bytes to write
M...DataActual data payload
Example: Write RAM

Writing value 0x012C (300) to Address 0x20001000.

tx_packet

Request

3D 44 20 00 10 00 00 00 00 04 00 00 01 2C

> SID | ALFID(4/4) | Address | Size(4) | Data(4)

rx_packet

Response

7D 44 20 00 10 00

> Positive Response (Address echoed, data NOT echoed)

Workflow & Logic

Workflow: Secured Memory Write

6 steps
Tester
ECU
SID 0x3D Write Workflow
Click to Enlarge

The validation and execution flow for a Write Memory request.

Negative Response Codes

Error_Catalog

Negative Response Codes

THREAT_LEVEL4 HIGH2 MEDIUM6 NRCs TOTAL
ISO_14229_ANNEX_ANRC_ENGINE_V2
0x37 Request Transfer Exit0x3E Tester Present